<?
require_once("../config/dbconn.php");
//判定二级密码
$msg='';

if ($action=='yzpwd1'){
	if (trim($hypwd1)=='') $msg="请输入二级密码";
	else{
		$sqlhy="select * from {$db_prefix}users where id='".$_SESSION['sys_userid']."'";
		$rshy=$db->get_one($sqlhy);
		if (authcode($rshy['pwd1'],"DECODE")!=$hypwd1){
			$msg="二级密码验证失败";
			echo "<script>alert('$msg'),history.back();</script>";exit();
		}else{
			$_SESSION['sys_hypwd1']=authcode($hypwd1,"ENCODE");
			$_SESSION['mmyanzheng']=1;
			
			
			
			echo "<script>location.href='{$curfilename}';</script>";exit();
		}
	}
}
$hypwdok=0;
////////////////////////////////////////////////////////////////////////////////
if (!$url){
	if($_SESSION['sys_hypwd1']){
		//是否与会员的二级密码相对应
		$sqlhy="select * from {$db_prefix}users where id='".$_SESSION['sys_userid']."'";
		$rshy=$db->get_one($sqlhy);
		if (authcode($rshy['pwd1'],"DECODE")==authcode($_SESSION['sys_hypwd1'],"DECODE")){
			$hypwdok=1;
			
		}
	}
	
	if ($hypwdok==0){
		$curfilename=basename($_SERVER['SCRIPT_FILENAME']);
		echo "<script>location.href='pwd1cls.php?url={$curfilename}';</script>";exit();
	}
}


if ($hypwdok==0){
	
	if($url) 
	{
		$str = $url;
		$arr=explode('.',$str,2);
		$ass =  $arr[1];
		if(strcasecmp(strtolower($ass),strtolower("php")) == 0){
			$curfilename=$url;
		}
		else
		{
			$curfilename=$url.".php"; 
		}
		
		

	}
	else 
	{$curfilename=basename($_SERVER['SCRIPT_FILENAME']);

	}
	
?>
<Br /><Br />
<div align="center">
<form action="" method="get"><input name="curfilename" type="hidden" value="<?=$curfilename?>" /><input name="action" type="hidden" value="yzpwd1" />
请输入二级密码/Please enter two passwords： <input name="hypwd1" type="password" id="hypwd1"><input type="submit" value="确定/Determine" name="B1" /> <span style="color:#FF0000"><?=$msg?></span></form>
</div>
<?
	exit();
}
?>